This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Shimovpn First view 2019-04-15
Product Shimo Vpn Last view 2019-04-17
Version 4.1.5.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:shimovpn:shimo_vpn

Activity : Overall

Related : CVE

  Date Alert Description
5.5 2019-04-17 CVE-2018-4007

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.

7.8 2019-04-17 CVE-2018-4006

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully.

7.8 2019-04-17 CVE-2018-4005

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.

5.5 2019-04-17 CVE-2018-4004

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit.

7.8 2019-04-15 CVE-2018-4009

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.

7.8 2019-04-15 CVE-2018-4008

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.

CWE : Common Weakness Enumeration

%idName
66% (4) CWE-20 Improper Input Validation
16% (1) CWE-494 Download of Code Without Integrity Check
16% (1) CWE-269 Improper Privilege Management